CVE-2024-58337

Akuvox Smart Intercom S539 Improper Access Control via ServicesHTTPAPI

CVSS 8.7 HIGHEPSS 0.2%CWE-862

Akuvox Smart Intercom S539 contains an improper access control vulnerability that allows users with 'User' privileges to modify API access settings and configurations. Attackers can exploit this vulnerability to escalate privileges and gain unauthorized access to administrative functionalities.

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Productos afectados

The Akuvox Company · Akuvox Smart Doorphone The Akuvox Company · Akuvox Smart Intercom

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://cxsecurity.com/issue/WLB-2024110042 https://packetstormsecurity.com/files/182870/https://www.vulncheck.com/advisories/akuvox-smart-intercom-s-improper-access-control-via-serviceshttpapi https://www.zeroscience.mk/en/vulnerabilities/ZSL-2024-5862.php